<?php
include "db.php";
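// Change-password handler: requires a logged-in user, verifies the current
// password, then stores a fresh hash of the new one.
// $user_id and $db are not defined in this script; they are expected to come
// from the included db.php.
// NOTE(review): no CSRF token or request-method check is visible in this
// script — confirm one is enforced before it runs.

// Normalise the id to an integer once. The $db calls used here take a finished
// SQL string, so the value interpolated below must not be able to carry SQL.
$uid = (int) ($user_id ?? 0);
if ($uid < 1) {
    die("请先登录");
}

// PHP turns "name[]=..." form fields into arrays; anything that is not a
// string is treated as missing instead of reaching password_verify/hash.
$old_password = $_POST["old_password"] ?? "";
$password = $_POST["password"] ?? "";
$password1 = $_POST["password1"] ?? "";
if (!is_string($old_password)) {
    $old_password = "";
}
if (!is_string($password)) {
    $password = "";
}
if (!is_string($password1)) {
    $password1 = "";
}

if ($old_password === '' || $password === '') {
    die("密码不能为空");
}

// Strict comparison: with != two different numeric-looking strings such as
// "100" and "1e2" compare equal, so a mistyped confirmation would be accepted.
if ($password !== $password1) {
    die("两次密码不一致");
}

// Verify the current password against the stored hash.
$sql = "select * from user where id = '{$uid}'";
$rows = $db->read($sql);
$user = $rows[0] ?? null;
$stored_hash = $user["password"] ?? null;
// A missing row or a non-string hash is reported with the same message as a
// wrong password, so the response does not reveal which case occurred.
if (!is_string($stored_hash) || !password_verify($old_password, $stored_hash)) {
    die("旧密码错误");
}

// Hash the new password.
$password = password_hash($password, PASSWORD_DEFAULT);

// Store the new hash. The interpolated values are an integer and the output
// of password_hash(); a parameterised query would still be preferable if $db
// offers one (not visible from this script).
$sql = "update user set password = '{$password}' where id = '{$uid}'";
$is = $db->write($sql);

// Redirect to the login page on success.
// NOTE(review): nothing here invalidates existing sessions after the change —
// confirm whether that is handled elsewhere.
if ($is) {
    header("refresh:1;url=login.php");
    echo "修改成功,1秒后自动跳转到登录密码页面";
} else {
    echo "修改失败，可能是SQL错误";
}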

?>